Ten tips for implementing an acceptable Internet use policy

Computerworld - The Web browser has become the universal window for Internet communications in today's enterprises. Pervasive Internet access and the relative ease of installing Web-based applications are empowering employees with the means to quickly load Web-based e-mail, instant messaging, peer-to-peer file-sharing clients and other Web applications on company networks.
But with the vast benefits offered by the Internet come concurrent risks to the business such as the leaking of intellectual property, productivity loss, increased legal liabilities and security risks. As such, organizations are now compelled to implement and enforce more granular policy controls over how employees use the Internet.
The need for more sophisticated Internet usage policies is clear. What's not so clear is how to design, deploy and maintain a policy that addresses the specific needs of the organization. Businesses should take the following key points into consideration when establishing an acceptable Internet use policy:

1. Conduct a current policy review. Perform an audit of your Internet usage policy and compare it with what you want your new policy to be, based on the specific needs of every element within your organization. Consider the degree of policy enforcement required. Some companies strictly enforce policy controls, while others provide warnings to their end users.
2. Distinguish between departments and employees. Today's Internet access requirements often dictate that different policy controls apply to individuals or departments, or to enterprise network segments.
3. Gain visibility of your network traffic. Use a Web traffic assessment tool, such as a proxy appliance, to identify and monitor Internet traffic and to identify specific areas or groups that are engaging in inappropriate or excessive Web use. This will allow you to analyze how much time users and user groups spend on the Internet during an "average" workday and what policies may need to be implemented.
4. Work hand-in-hand with all departments. Work with departments that have a bearing on the companywide Internet use policy, especially human resources and IT. Ensure that there are no mismatches between the policies established and the ability of the network infrastructure to support them.

5. Perform a policy test exercise. Conduct an exercise with key users when the policy is at a draft stage. This will ensure that the policy is both practical in terms of achieving its objectives and sufficiently flexible to accommodate change or emergency situations.
6. Consider possible loopholes. Users with wide discrepancies in usage rights may simply try to switch desks or computers to overcome barriers and access inappropriate applications.
7. Consider the consequences of remote connectivity. With